Author Topic: Hacked??  (Read 3726 times)

dextaslab

  • Veteran
  • ***
  • Posts: 77
    • View Profile
    • modlog.net
Hacked??
« on: June 16, 2012, 02:46:47 pm »
Hi... yeah this is awkward... I was trolling the logs and found some wierd entries:

0 OK id=1Sfs8s-0006UR-5t)
Jun 16 20:30:14 dcerouter postfix/qmgr[14701]: A64141CA2DDE: removed
Jun 16 20:35:11 dcerouter postfix/pickup[22848]: BB3F81CA2DDD: uid=0 from=<root>
Jun 16 20:35:11 dcerouter postfix/cleanup[3513]: BB3F81CA2DDD: message-id=<20120616123511.BB3F81CA2DDD@fluffybitch.org>
Jun 16 20:35:11 dcerouter postfix/qmgr[14701]: BB3F81CA2DDD: from=<root@fluffybitch.org>, size=1800, nrcpt=1 (queue active)
Jun 16 20:35:12 dcerouter postfix/smtp[3515]: BB3F81CA2DDD: to=<root@fluffybitch.org>, orig_to=<root>, relay=mail.xzy.net[10.0.0.1]:25, delay=10, delays=10/0.02/0.12/0.36, dsn=2.0.0, status=sent (250 OK id=1SfsDg-0008NE-2s)

and also found these:
grep fluffybitch /etc/* -r
/etc/mailname:fluffybitch.org
/etc/postfix/main.cf.orig:myhostname = fluffybitch.org
/etc/postfix/main.cf.orig:mydestination = fluffybitch.org, localhost.org, , localhost
/etc/postfix/main.cf:myhostname = fluffybitch.org

Then googled and found this among many: http://pastebin.com/v168cg38
« Last Edit: June 16, 2012, 03:31:22 pm by hari »

l3mce

  • NEEDS to work for LinuxMCE
  • ***
  • Posts: 1084
    • View Profile
Re: Hacked??
« Reply #1 on: June 16, 2012, 03:00:44 pm »
Fluffybitch is the server which generates the snapshots. You were not hacked.


We will clean those up though, thanks for pointing them out.
I never quit... I just ping out.

dextaslab

  • Veteran
  • ***
  • Posts: 77
    • View Profile
    • modlog.net
Re: Hacked??
« Reply #2 on: June 16, 2012, 03:07:57 pm »
PMSL  :D thats ok then, sry for spamming your server with what I believe was failed cron jobs

JaseP

  • Addicted
  • *
  • Posts: 526
    • View Profile
    • JaseP's LinuxMCE Wiki User page
Re: Hacked??
« Reply #3 on: June 17, 2012, 03:40:04 am »
By the way,.. love the server's name... (But it does kind of explain why he thought he was hacked, though).
See my User page on the LinuxMCE Wiki for a description of my system configuration (click the little globe under my profile pic).